As I couldn’t find anything on the net, I started digging into the error. The error says something about Managers relationship, so I figured I needed to look there. It turned out that there was 10 disabled users in AD that still had Direct Report Users in their AD User.

So in other words: some people had a Manager that was disabled. And since I only took enabled objects in the AD-Connector, some Users referred to an object (their manager) that did not exist! So instead of the connector ignoring these, as it probably should, it made an error and stopped.

Solution

The solution was to create another AD connector that imported the disabled managers. You can use the following LDAP query to find this: